projects / 389-ds-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 29d7eeb 395658d)
389-ds-base (1.4.4.11-2+deb11u1) bullseye-security; urgency=medium
authorAndrej Shadura <andrewsh@debian.org>
Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)
committerAndrej Shadura <andrewsh@debian.org>
Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)
commiteead452f2ffa4b1287d91fa0692e9e41d91ada9e
treead2d94ce5f1b27648166aa2219e8257370bc70b2tree | snapshot
parent29d7eeb849a5bf0e1611fdfd5464f2336a04c6d0commit | diff
parent395658d6b70bc65c40c42596c6f5c161978c2f8dcommit | diff
389-ds-base (1.4.4.11-2+deb11u1) bullseye-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * Backport security patches from the upstream.
    - CVE-2021-3652: Locked crypt accounts on import may allow any password.
    - CVE-2021-4091: Double-free of the virtual attribute context in
      persistent search, forcing the server to behave unexpectedly, and crash.
    - CVE-2022-0918: Denial of service triggered by specially crafted
      unauthenticated message crashing the server.
    - CVE-2022-0996: User with an expired password can still login with full
      privileges.
    - CVE-2022-2850: Crash while managing invalid cookie causing denial of
      service.
    - CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword using
      malformed input.
    - CVE-2024-3657: Failure on the directory server with specially crafted
      LDAP query leading to denial of service.
    - CVE-2024-5953: Denial of service while attempting to log in with
      a user with a malformed hash in their password.

[dgit import unpatched 389-ds-base 1.4.4.11-2+deb11u1]
52 files changed:
debian/389-ds-base-dev.install | | blob
debian/389-ds-base-libs.install | | blob
debian/389-ds-base.default | | blob
debian/389-ds-base.dirs | | blob
debian/389-ds-base.install | | blob
debian/389-ds-base.links | | blob
debian/389-ds-base.lintian-overrides | | blob
debian/389-ds-base.postinst | | blob
debian/389-ds-base.postrm | | blob
debian/389-ds-base.prerm | | blob
debian/README.Debian | | blob
debian/changelog | | blob
debian/cockpit-389-ds.install | | blob
debian/control | | blob
debian/copyright | | blob
debian/gitlab-ci.yml | | blob
debian/missing-sources/bootpopup.js | | blob
debian/missing-sources/bootstrap.js | | blob
debian/missing-sources/c3.js | | blob
debian/missing-sources/d3.js | | blob
debian/missing-sources/jquery-1.12.4.js | | blob
debian/missing-sources/jquery-3.3.1.js | | blob
debian/missing-sources/jquery-ui.js | | blob
debian/missing-sources/jquery.dataTables.js | | blob
debian/missing-sources/jquery.dataTables.select.js | | blob
debian/missing-sources/jquery.dropdown.js | | blob
debian/missing-sources/jquery.js | | blob
debian/missing-sources/jquery.timepicker.js | | blob
debian/missing-sources/jstree.js | | blob
debian/missing-sources/moment.js | | blob
debian/missing-sources/patternfly.js | | blob
debian/patches/4711-SIGSEV-with-sync_repl-4738.patch | | blob
debian/patches/CVE-2017-15135.patch | | blob
debian/patches/CVE-2021-3652-locked-crypt-accounts-may-allow-all-pwd.patch | | blob
debian/patches/CVE-2021-4091-double-free-of-virtual-attribute-ctx.patch | | blob
debian/patches/CVE-2022-0918-Craft-message-may-crash-the-server.patch | | blob
debian/patches/CVE-2022-0996-User-with-expired-password-full-priv.patch | | blob
debian/patches/CVE-2022-2850-Sync_repl-may-crash-with-invalid-cookie.patch | | blob
debian/patches/CVE-2024-2199.patch | | blob
debian/patches/CVE-2024-3657.patch | | blob
debian/patches/CVE-2024-5953.patch | | blob
debian/patches/CVE-2024-8445.patch | | blob
debian/patches/fix-s390x-failure.diff | | blob
debian/patches/fix-saslpath.diff | | blob
debian/patches/series | | blob
debian/python3-lib389.install | | blob
debian/rules | | blob
debian/source/format | | blob
debian/source/lintian-overrides | | blob
debian/tests/control | | blob
debian/tests/setup | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.